gotthard_g/aaredb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
aaredb/backend/app/ssl_heidi.py

52 lines
1.8 KiB
Python
Raw Blame History

# Generate SSL Key and Certificate
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import Encoding
import datetime
def generate_self_signed_cert(cert_file: str, key_file: str):
# Generate private key
key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
)
# Write private key to file
with open(key_file, "wb") as f:
f.write(key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption(),
))
# Generate self-signed certificate
subject = issuer = x509.Name([
x509.NameAttribute(NameOID.COUNTRY_NAME, u"CH"),
x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, u"Argau"),
x509.NameAttribute(NameOID.LOCALITY_NAME, u"Villigen"),
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"Paul Scherrer Institut"),
x509.NameAttribute(NameOID.COMMON_NAME, u"PSI.CH"),
])
cert = x509.CertificateBuilder().subject_name(
subject
).issuer_name(
issuer
).public_key(
key.public_key()
).serial_number(
x509.random_serial_number()
).not_valid_before(
datetime.datetime.utcnow()
).not_valid_after(
# Our certificate will be valid for 10 days
datetime.datetime.utcnow() + datetime.timedelta(days=10)
).add_extension(
x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),
critical=False,
).sign(key, hashes.SHA256())
# Write certificate to file
with open(cert_file, "wb") as f:
f.write(cert.public_bytes(Encoding.PEM))
Reference in New Issue View Git Blame Copy Permalink